Equipment that can be connected to the Internet, such as the personal computers and mobile phones that have come into wide use in recent years, can download programs from various servers via the Internet. Therefore, anyone can freely develop a program and upload it to a server, and any program uploaded to this server can be downloaded to target equipment and executed there. However, if a malicious program, a program containing a design error, or the like is downloaded and executed, the target equipment may malfunction or suffer damage, such as leakage of information in the equipment.
To solve this problem, conventionally, an authentication authority carries out an operation test of a program developed by a program developer, and ensures the security of the operation of the program by adding information indicating permission to access only the required resources. For example, according to the access control method for use in communication terminals disclosed by patent reference 1, an authentication authority examines a Java (registered trademark, hereafter omitted) application intended for mobile phones which a content provider has requested the authentication authority to authenticate. When the authentication authority authenticates that this Java application is an authorized program which satisfies a predetermined operation requirement as a program which accesses the resources for which the content provider has applied and which can access those resources, it uses an authentication server to give the Java application resource specification information specifying the resources. A mobile phone restricts the resources which a Java application authorized by an authentication authority can access during the application's execution to the resources specified by the resource specification information added to this Java application.

[Patent reference 1] JP, 2003-283494, A
However, from the viewpoint of security, the operation of a program installed in a vehicle-mounted information system such as a car navigation apparatus must be limited according to the operating state of the vehicle, for example, whether the vehicle is traveling or standing still, unlike a program installed in a mobile phone. Therefore, the method disclosed by patent reference 1 cannot carry out adequate operation verification and cannot provide appropriate access permission. In order to encourage general and ordinary programmers to develop programs, it is convenient to simultaneously perform both the verification of the operation of a program and the provision of the program which has been verified.
It is therefore an object of the present invention to provide a program providing device suitable for verifying the operation of a program developed for a vehicle-mounted information system and for providing that program, and a vehicle-mounted information system which executes the program provided by the program providing device.